Infosecurity Lingo

The top 13 terms that you need to know to be cyber safe:

  1. BEC scam
  2. Brute-force attack
  3. Credential stuffing
  4. Dictionary attack
  5. Email spoofing
  6. Island hopping
  7. Malware
  8. Phishing
  9. Ransomware
  10. Rootkit
  11. Spyware
  12. Scareware
  13. Zero-day

1. BEC scam

BEC stands for Business Email Compromise and it’s also known as ‘CEO Fraud’ or whaling.

BEC is a more sophisticated phishing attack. Criminals get hold of a CEO or CFO’s personal details and by using social engineering target finance departments with fraudulent emails regarding payments. 

2. Brute-force attack

A brute-force attack is one of those not particularly elegant attacks in which the attacker tries every combination of characters. It’s very effective when password-guessing short passwords and theoretically can be used for decrypting any data.

3. Credential stuffing

Credential stuffing is a cyber attack that uses stolen or leaked login credentials to gain unauthorized access to various services. It’s a large scale, automated operation, taking advantage of the fact that 25% of users use the same password for most of their accounts.

4. Dictionary attack

A dictionary attack is a slightly more elaborate brute force attack. Instead of trying every possible combination, it uses a set of predefined strings of characters which are likely to be used in a password.

5. Email spoofing

Email spoofing is about sending out email messages with a fake sender address. This technique is often used in phishing attacks or to distribute spam. Spoofing emails is easy as the communication protocol does not have any mechanism that checks if the sender is a legitimate owner of the domain.

6. Island hopping

Island hopping is an elaborate cyberattack, which involves penetrating IT systems of a company which has an established business relationship with the firm that’s the actual target of the attack.

7. Malware

Malware is software designed to harm your computer, mobile device, or pretty much any networked appliance. There’s a number of types of malware and each has its own descriptive name. 

8. Phishing

Is an attempt to obtain sensitive information such as login credentials or credit card details by pretending to be a trustworthy entity. This often starts with a fake email directing users to a bogus website which looks exactly like the real thing. Unsuspecting users will input their ID and password and submit this information to criminals. The path from there to losing your money is pretty short.

9. Ransomware

Ransomware essentially encrypts your data rendering it useless. Your only option to get your data back is paying a ransom. This attack vector usually exploits security vulnerabilities enabling root system access. That’s why it is important to keep your systems up to date. 

10. Rootkit

Rootkit is what helps any kind of malware remain undetected. It functions on the operating system’s level, as it hides malware and it might even evade some removal attempts.

11. Spyware

Spyware gathers information- often highly confidential – about you or your organization and most likely sends it out without your consent or knowledge. This information includes login credentials or internal documents.  Losing these will cause you more than just a headache. 

12. Scareware

Scareware is meant to cause shock as well as anxiety and to trick users into purchasing software, which they don’t really need. Fake warnings about detected viruses prompt users to pay and download software that will remove it. Very often though, the software itself is malicious.

13. Zero-day

Zero-day is a software vulnerability unknown or unaddressed by the vendor. Zero-day exploits take advantage of this and try to do as much damage as possible before the vendor comes up with a patch or a workaround that would mitigate this threat.

 

 

Author:

Zbigniew Mroczkowski 
Technical Writer @ Fudo Security